In order to get a feel for the security landscape of modern browsers, it's essential to be able to create have a wide range of test cases covering both high and low level security issues. In order to keep things as objective (and simple) as possible, we've opted to focus on automation as much as possible. To run these automated tests, a powerful and generic framework is needed that can run in as many browsers as possible. Fortunately, OWASP has adopted the [http://www.owasp.org/index.php/OWASP_Web_Browser_Testing_System_Project Web Browser Testing System Project], a testing harness originally developed and contributed by Isaac Dawson.

+

+

...more details...

+

+

==== Current Status ====

==== Current Status ====

Revision as of 21:44, 21 February 2011

Main

Browser Security Acid Tests

Welcome to the Browser Security Acid Tests. OWASP has adopted this project with the goal to create an in-depth suite of test cases for identifying security issues in web browsers. By highlighting such issues, we can help browser vendors adopt appropriate security controls and implement new security features in a more consistent manner. We can also help raise public awareness about various security issues while providing objective data on the current status of browser security.

The project is under active development. Please take a look at TBD for ways you can contribute.

Purpose

Web browsers are *very* complicated pieces of software. The landscape of functionality provided by modern browsers is pocketed with security concerns, both large and small. This project was started in order to help people get a better understanding of what these issues are while also providing browser vendors a forum to compare strategies, vulnerabilities, and new features.

...

Approach

In order to get a feel for the security landscape of modern browsers, it's essential to be able to create have a wide range of test cases covering both high and low level security issues. In order to keep things as objective (and simple) as possible, we've opted to focus on automation as much as possible. To run these automated tests, a powerful and generic framework is needed that can run in as many browsers as possible. Fortunately, OWASP has adopted the Web Browser Testing System Project, a testing harness originally developed and contributed by Isaac Dawson.

...more details...

Current Status

This project is under active development. We are currently working to establish the scope of the project, adopt a sensible testing framework, and gather support from interested browser vendors.